Hi,
I am using a mix of Samba 3.0.13 and 3.0.20 on Linux (basically, Mandrake 10
and 10.2). I haven't tested this yet on the 3.0.20 machines, but on the
3.0.13 machines I'm seeing something very disturbing.
I have set up a number of shares which are accessible only to members of the
group "workers". The shares are set to NOT allow guests even read-only
access. When clicking on the shares in Windows Explorer, Samba and/or Windows
will prompt the user for a username and password (if the user isn't logged on
to his/her Windows workstation with a valid Linux/smb username and password).
After supplying a valid username and password, the user can mount the share as
a network drive and thereafter all other shares to which he/she has access.
However, I have just discovered that if I create a *.bat file, I can run
"net use" to mount the share simply by supplying a valid username. I am never
prompted for a password (I can include the password in the "net use" line --
i.e.,
net use M: \\netbiosname\sharename "password" /USER:username
But if I simply leave out the "password" the share mounts all the same. And
I can read and write to the share. Seems kind of dangerous to me.
I know that Windows caches lots of usernames and passwords, so I went to the
place where Windows stores those things and deleted the listings for the
server in question. After completely rebooting the Windows machine, I was still
able to log on via "net use" without supplying a password.
Has this issue been seen before?
Andy Liebman
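
One way to confirm the server-side setup the post describes (shares limited to the group "workers", guests not allowed) is to audit smb.conf for settings that can admit a session without a password. This is an added example, not part of the original message or of Samba; the parameter names are standard smb.conf options, while the sample file, its share names and the helper functions are constructed for illustration.

```python
TRUE = {"yes", "true", "1"}
# Constructed sample smb.conf; the share names are hypothetical.
SAMPLE_SMB_CONF = """
[global]
   security = user
   map to guest = Bad User
[projects]
   valid users = @workers
   guest ok = no
[scratch]
   public = yes
"""

def norm(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.lower().split())

def parse_smb_conf(text):
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text, group="workers"):
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    findings = []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share"))
    if glob.get("nullpasswords", "no").lower() in TRUE:
        findings.append(("global", "null passwords enabled"))
    if glob.get("maptoguest", "never").lower() != "never":
        findings.append(("global", "map to guest = " + glob["maptoguest"]))
    for name, params in sections.items():
        if name == "global":
            continue
        if params.get("guestok", params.get("public", "no")).lower() in TRUE:
            findings.append((name, "guest access allowed"))
        users = params.get("validusers", "").replace(",", " ").split()
        if not {"@" + group, "+" + group} & set(users):
            findings.append((name, "not restricted to group " + group))
    return findings
```

Calling audit() on the text of the real smb.conf returns (section, issue) pairs to review; an empty list means none of these settings is present.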